Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | merge #1100 from zackw: rework X11 xorg processing - this is a partial merge | netblue30 | 2017-02-15 |
| | |||
* | merge #1100 from zackw: rework X11 display number assignment | netblue30 | 2017-02-15 |
| | |||
* | merge #1100 from zackw: rework abstract X11 socket detection | netblue30 | 2017-02-15 |
| | |||
* | merge #1100 from zackw: rework xpra and xephyr detection | netblue30 | 2017-02-15 |
| | |||
* | merge #1100 from zackw: rework DISPLAY environment parsing, rework masking ↵ | netblue30 | 2017-02-14 |
| | | | | X11 sockets in /tmp/.X11-unix directory | ||
* | compile cleanup | netblue30 | 2017-02-14 |
| | |||
* | merge #1100 from zackw: fix ugly memeory corruption in noblacklist processing | netblue30 | 2017-02-14 |
| | |||
* | merge #1100 from zackw: removed libconnect | netblue30 | 2017-02-14 |
| | |||
* | profile merges | netblue30 | 2017-02-12 |
| | |||
* | Merge pull request #1099 from valoq/master | netblue30 | 2017-02-12 |
|\ | | | | | added iridium browser profile | ||
| * | iridium fix | valoq | 2017-02-12 |
| | | |||
| * | included alternative name for iridium browser | valoq | 2017-02-12 |
| | | |||
| * | added iridium browser profile | valoq | 2017-02-12 |
| | | |||
* | | force-nonewprivs fix for /etc/firejail/firejail.config | netblue30 | 2017-02-12 |
| | | |||
* | | follow-symlink-as-user runtime config option in /etc/firejail/firejail.config | netblue30 | 2017-02-12 |
| | | |||
* | | firecfg.config fix | netblue30 | 2017-02-12 |
|/ | |||
* | README.md | netblue30 | 2017-02-11 |
| | |||
* | README.md | netblue30 | 2017-02-11 |
| | |||
* | copyright 2017 | netblue30 | 2017-02-11 |
| | |||
* | copyright 2017 | netblue30 | 2017-02-11 |
| | |||
* | copyright 2017 | netblue30 | 2017-02-11 |
| | |||
* | copyright 2017 | netblue30 | 2017-02-11 |
| | |||
* | persistent support for all profile files | netblue30 | 2017-02-09 |
| | |||
* | persistent config | netblue30 | 2017-02-09 |
| | |||
* | adding macro for include command in profile files | netblue30 | 2017-02-09 |
| | |||
* | firemon fix | netblue30 | 2017-02-07 |
| | |||
* | --git-install: default disabled in ./configure script | netblue30 | 2017-02-07 |
| | |||
* | disable --git-install at compile time | netblue30 | 2017-02-05 |
| | |||
* | enable strict seccomp filter on overlay options | netblue30 | 2017-02-05 |
| | |||
* | --git-install/--git-uninstall | netblue30 | 2017-02-05 |
| | |||
* | profile merges | netblue30 | 2017-02-05 |
| | |||
* | Merge pull request #1089 from Fred-Barclay/palemoon_private-opt | netblue30 | 2017-02-05 |
|\ | | | | | Security filters | ||
| * | added nogroups to qbittorrent profile | Fred Barclay | 2017-02-05 |
| | | |||
| * | Added private-opt to palemoon profile | Fred Barclay | 2017-02-05 |
|/ | |||
* | --git-install | netblue30 | 2017-02-04 |
| | |||
* | --git-install | netblue30 | 2017-02-04 |
| | |||
* | git-install | netblue30 | 2017-02-04 |
| | |||
* | Merge pull request #1053 from Fred-Barclay/update_scripts | netblue30 | 2017-02-04 |
|\ | | | | | added update scripts | ||
| * | changes for review upstream | Fred Barclay | 2017-01-23 |
| | | |||
| * | added update scripts | Fred Barclay | 2017-01-17 |
| | | |||
* | | quiet fix | netblue30 | 2017-02-04 |
| | | |||
* | | xmms profile fix | netblue30 | 2017-02-04 |
| | | |||
* | | fixed README.md | netblue30 | 2017-02-01 |
| | | |||
* | | --writable-var-log | netblue30 | 2017-01-30 |
| | | |||
* | | --writable-var-log | netblue30 | 2017-01-30 |
| | | |||
* | | --quiet fix | netblue30 | 2017-01-30 |
| | | |||
* | | documentation | netblue30 | 2017-01-29 |
| | | |||
* | | merges | netblue30 | 2017-01-29 |
| | | |||
* | | Merge pull request #1079 from ibukanov/copy_to_root_fix | netblue30 | 2017-01-29 |
|\ \ | | | | | | | fixing --hosts-file privelege check | ||
| * | | fixing --hosts-file privelege check | Igor Bukanov | 2017-01-29 |
|/ / | | | | | | | | | | | Currently the code uses the access() call to check if the user has an access to a file that is copied into the root as /etc/hosts. This inevitably adds a race when the user changes the file to a symbolic link pointing to an arbitrary location on the filsystem after the access check is done but before opening the file to copy it. This potentially allows to read any file on the system. To close this the code adds a utility copy_file_from_user_to_root . It opens the copy destination file as root and then forks/drop privileges. Then as a user the utility opens the source file and do the copy into the destination descriptor that is preserved accross the fork. |